Hacker News new | ask | show | jobs
by abofh 1481 days ago
For #4, this is actually frustratingly difficult, but if your constraints are not adding to the complexity, your best bet is to not, and just set your cookies to the domain. But if you like, one approach that would work: - Cert with SAN - CNAME's on the CF distribution - S3 Bucket And the sneaky bit: Use a cloudfront lambda to redirect "wrong" Hosts - comes with a cost, but it's super marginal.

Otherwise, your best approach is sadly a second cloudfront distribution with a different bucket (or bucket path) that just hosts a redirecting index key because you end up fighting stupid AWS design decisions.

Not that I've ever wasted stupid amounts of time on this particular problem...
5 comments
aidos 1481 days ago
These days my solution is to put cloudflare in front of it and walk away.

Good game to add to my current daily routine (heardle, Wordle, quordle, worldle), but man is it hard!

link
867-5309 1481 days ago
surely the answer is just an HTTP redirect?

thanks for heardle! have you tried nerdle?

link
aidos 1481 days ago
If you’re statically hosting on s3 then that isn’t an option while also supporting tls. You need something in front. You can go the cloudfront route but last time I looked it was all a bit of a pain. Cloudflare takes minutes to set up and the whole thing will be done and maintenance free.
link
867-5309 1481 days ago
thanks for the info. I use letsencrypt and have never had to touch it since setup, cloudflare must work in a similar way but handling DNS aswell
link
thaumasiotes 1481 days ago
> thanks for heardle! have you tried nerdle?

https://www.samandfuzzy.com/3138

link
Jarwain 1481 days ago
> For #4, this is actually frustratingly difficult, but if your constraints are not adding to the complexity, your best bet is to not, and just set your cookies to the domain. But if you like, one approach that would work: - Cert with SAN - CNAME's on the CF distribution - S3 Bucket And the sneaky bit: Use a cloudfront lambda to redirect "wrong" Hosts - comes with a cost, but it's super marginal.

> Otherwise, your best approach is sadly a second cloudfront distribution with a different bucket (or bucket path) that just hosts a redirecting index key because you end up fighting stupid AWS design decisions.

> Not that I've ever wasted stupid amounts of time on this particular problem...

Doesn't this document[0] cover dealing with ssl on cloud front? Plus Amazon's Cert Manager? Or is it missing something?

Pair that with an redirect/alias of www=>@ and you should be golden?

[0]https://docs.aws.amazon.com/AmazonCloudFront/latest/Develope...

link
dj_mc_merlin 1480 days ago
> Not that I've ever wasted stupid amounts of time on this particular problem...

I have also spent _too much time_ trying to get this to work. Gave up and used nginx instead.

link
thesuitonym 1481 days ago
It's a problem with going `serverless', for sure. To anyone running a proper http server, it's trivial.
link
richardwhiuk 1481 days ago
Could do a JS redirect, falling back to an iframe of the whole page?
link